2010 > 2013 > 2017
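New Top 10 announced after four years
OWASP (The Open Web Application Security Project) is an open-source web application security project. It mainly studies information exposure on the web, malicious files and scripts, and security vulnerabilities, and has published the ten most critical web application vulnerabilities (the OWASP Top 10).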
2017
https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Broken Access Control
Security Misconfiguration
Sensitive Data Exposure
Insufficient Attack Protection
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Underprotected APIs
2013
https://www.owasp.org/images/f/f8/OWASP_Top_10_-_2013.pdf
Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards